Microsoft Defender Antivirus doesn't get a lot of security respect, but it's been around for a long time. First released as Windows Defender in 2006, it's been included in every version of Windows since Vista, and is now just one of a set of built-in free security tools.
There's on-demand and real-time malware protection, for instance. Automatic detection and blocking of known malicious URLs and files. A simple firewall. And some very sophisticated low-level exploit protection which makes it far more difficult for malware to attack your system.
- Want to try Microsoft Defender? Check out the website here
Microsoft's parental controls are smarter than they used to be, too, with features including content filtering for Microsoft Edge, the ability to control how much time your kids can spend on their devices, and the ability to monitor all your family's devices from one place.
Can you really rely on Microsoft Defender Antivirus alone, though? Let's see.
Interface
One of the major benefits of Microsoft Defender Antivirus is it comes built-in with Windows, no installation required, no hassles, very little chance that it'll conflict with anything else: it just works.
One great advantage of this simplicity is most users never to see Defender's interface, beyond the occasional alert. Sensible default settings protect you out of the box, automatic scanning on download and execution keeps you safe from most threats, and idle and scheduled scans aim to detect everything else.
If you do want to take a look, though, type Windows in the Search box, choose Windows Security and browse what's on offer.
As with many other security apps, the main dashboard displays your security status, while a sidebar gives you access to various functions: antivirus, account protection (how you log in), firewall and network protection, malicious URL and app blocking, parental controls and more.
This isn't always intuitive. While many antivirus apps have their various Scan buttons visible on the dashboard, for instance, Defender's are buried away at the bottom of the Scan Options panel. Microsoft seems to have designed the Defender interface on the assumption that most users probably shouldn't be messing with this stuff, it seems, so they keep it at arm’s length.
Despite these initial hassles, it doesn't take long to figure out where everything is, and on balance Microsoft Defender Antivirus isn't difficult to use.
Antivirus
Microsoft Defender has the full range of scanning options, and more: a quick scan, a full system scan, a custom scan to check the files and folders you need, even a boot scan which runs before Windows fully loads, to remove the most stubborn threats.
Quick scans took around a minute on our test PC, but we couldn't get a consistent time for other scans. Defender focuses more on reducing its system impact than ramping up scan times. But does this work? It's unclear.
AV-Comparative's October 2020 Performance Test says no, placing Microsoft Defender a distant last place in a field of 17.
PassMark's 2020 AntiVirus Performance Benchmarks says otherwise, though, with Defender ranked 4th best out of 12 for its minimal performance impact.
Meanwhile, AV-Test's Windows Consumer performance results are somewhere in the middle; sometimes Microsoft Defender scores well, but not always, and it's not as consistent as many top antivirus apps.
Protection
Protection is what really matters with any antivirus, and Microsoft Defender's rating, like just about everything else about the package, is mixed.
AV-Comparatives' July-October 2020 Real-World Protection Test placed Microsoft 12th out of 17, for instance, with a protection rating of 99.5%. That's not great, especially as Panda, F-Secure and Trend Micro all blocked 100% of threats. Still, Defender wasn't far behind Bitdefender (99.6%) and NortonLifeLock (99.5%, but ranked higher due to AV-Comparative's scoring system), and outperformed ESET (99.3%), Avira (99.3%) and McAfee (98.5%.)
AV-Test's Windows Consumer tests found Microsoft blocked 100% of test threats in four out of six tests over the past year. That broadly matches AV-Comparatives' results; better than McAfee (scored 100% in three out of six), similar to Avira (four 100% scores), but trailing the likes of Bitdefender, F-Secure and Trend Micro (perfect 100% scores in all six tests.)
SE-Labs' July-September 2020 Home Anti-Malware Protection report tells a similar story, with Microsoft Defender ranked 8th out of 14 on its Total Accuracy rating.
Our own tests showed capable file detection, but little in the way of behavior monitoring.
For example, one group of tests involves using trusted Windows apps to download malicious files, a common scripting trick. Bitdefender and Kaspersky realized there was a problem purely from the behavior, and killed the process before it could download the file. Microsoft Defender accepted the behavior, allowed the download, and only raised the alarm when it realized the file was malicious. It still protected us, this time, but perhaps wouldn't have done if the threat were brand new.
We pitted Microsoft Defender against our custom ransomware, but it missed that, too, allowing it to encrypt thousands of test files.
Fortunately, Defender has a second layer of protection in its Controlled Folders feature (Security Center > Virus & Threat Protection > Manage Ransomware Protection.) Turn this on and it automatically blocks unauthorized apps from accessing key document folders (Documents, Pictures, Videos, Music, more) and you can easily add more.
We turned Controlled Folders on, added our test folder to the list, and ran the ransomware simulator again. This time, Defender displayed an alert when our ransomware tried to access the folder, and it wasn't able to encrypt any documents.
This isn't exactly sophisticated. Controlled Folders simply blocks everything it doesn't recognize, and we found a couple of legitimate programs refused to run until we'd manually added them to an Exceptions list.
Avast's Ransomware Shield is smarter, more like a firewall; when it detects an unauthorized access to a folder, it alerts you, but also asks if the process is legitimate. Confirm it, Ransomware Shield adds the app to your Exceptions list itself and there's nothing else to do.
Controlled Folders could be better, then, but it did its core job, keeping us safe from a threat that the antivirus engine missed.
We're not going to discuss it in depth here, but Windows' OneDrive integration helps a little, too. The standard 5GB of free online storage space isn't a lot, but it's free, it's 5GB more than you'll get with most security apps, and it could help you protect some of your most important data from attack.
More features
Windows security doesn't stop with antivirus, and there are several other features to explore.
Top of the list is probably the firewall. This does a fair job of protecting you from incoming network attacks, but it's less interested in controlling outbound access; if an app is able to run as an administrator, it's able to customize the firewall by adding its own rules. Any system firewall has to do that, but it does allow many apps to leave a mess behind as they add rules, then 'forget' to remove them when uninstalled.
(To see this in action, go to Windows Security > Firewall & Network Protection > Advanced Settings, then choose Inbound Rules or Outbound Rules, and look for rules left behind by apps you uninstalled long ago. Don't start deleting anything unless you're sure what you're doing and have a backup available, though; it's easy to make a mistake.)
Defender's reputation-based SmartScreen protection allows it to block access to malicious websites, files and apps. Its URL filtering is consistently less accurate than the competition in our tests, and, worse, it only works with Microsoft Edge. SmartScreen's file and download checks work system-wide, though, and they're a useful extra layer of protection.
Windows has a bunch of extremely low-level exploit and device security features, largely focused on how the operating system handles memory. They're important, but they're best left alone, even by expert users - playing with CFG, DEP, ASLR and Memory Integrity settings can in some situations break your PC to the point that it won't even boot.
Finally, there's the Family Options page, a collection of parental controls features.
The good: you get quite a few options, including the ability to filter websites by content, control when your kids can use their devices and which apps they can buy, then get regular activity reports on what they've been doing.
The bad: these are mostly very basic, and the browser options are Edge-only, limiting the control you can have if your kids are using platforms other than Windows.
Final verdict
Microsoft Defender isn't as accurate as the top antivirus competition, but it still outperforms some big-name commercial products, and is much less likely to cause issues with your other applications. If you value simplicity above leading edge detection rates, it's a reasonable choice.
- We've also highlighted the best antivirus
via Tech Trade
Comments
Post a Comment